The Contracts Factory – Clocking On In Time for GDPR Enforcement

As we are all aware, it’s not long to go now until the GDPR comes into force – May 25th this year to be exact. The General Data Protection Regulation became law in 2016 but there has been a two-year implementation period, which is fast coming to an end before enforcement starts in earnest.

The past two years have seen most larger corporations setting up cross-functional GDPR teams to cope with compliance. Some smaller firms will have engaged consultants on-site to help with the task. But it is a large task, and not everyone is yet prepared. Even where these two scenarios have been adopted, it is still a challenge for procurement, with a number of external supplier interactions needed, and the whole transactional process to go through – it all needs to be managed and controlled in a tightly structured manner.

Procurement advisory firm, Odesma, has come up with a professional solution to help organisations through this time-consuming and rather involved process. We were intrigued, so we caught up with Nick Ford, the company’s Executive Director, to find out more about the initiative he’s been driving, which they like to call ‘The Contracts Factory.’

“The Contracts Factory,” he explained, “is a service you can outsource to that takes care of GDPR contract compliance. Having worked with procurement and supply chain teams to implement a GDPR-compliant programme over the past two years, we’ve learnt some fundamental lessons about what it takes to achieve the right compliance levels, and we discovered that there are some real value-added by-products of the whole process.”

The new regulations affect every contract that’s still live and which has an element of data that needs GDPR protection, like that which identifies an individual or a company and any associated data. Going forward, companies will have a system in place for new contracts to adhere to this, but for now, there are thousands of existing contracts that will need to comply.

The first challenge is likely to be simply finding all those contracts. Retrieving them can be a fairly laborious task: some contracts will go back years, there may be duplicates, some will be in paper format, and some will be on email and stored in various locations. Even those in an all-singing-and-dancing contract management system may materialise, once retrieved, into blank pages, some with signatures or other important information missing. It’s quite a daunting exercise.

“Then the process you have to go through to get your supply base to the point of compliance is quite a repetitive task, we have found,” said Nick. “It requires a highly structured process to identify relevant contracts, specify the clauses or deeds that need to be inserted, analyse them, send them off to suppliers, which will involve further dialogue, and get it all signed off. For some organisations you might be looking at 2,000 contracts. Any deeds or amendments must be approved and legally tied together, so the whole process needs a mix of legal and procurement people – that is vital.”

So Odesma has set up The Contracts Factory to take care of that transactional side of the process; they have identified a stage that can be outsourced and dealt with quickly. To this end they have been working on compiling a team in-house, bringing in people with the right skills to extend their capability to offer this service. “We have been contacted by many people about this type of service,” said Nick, “so we’ve tried to be creative, and now we can offer it. The problem is that Procurement organisations just don’t have this kind of bandwidth themselves. We are working with customers right now; there’s a lot to be done and time is, well let’s say, a sensitive issue.”

We’ve done a bit of research here at Spend Matters and we haven’t been able to find anything in place like this. It seems to be a clear-cut service, with simple and transactional-based pricing models, even for short-term engagements, and you are paying for a guaranteed quality output - a revised contract - which is ready for GDPR compliance in agreement with your supplier.

There’s an added value too for companies going through the transactional process of contract compliance. As Nick explains: “We have found that the whole process can also be seen as an opportunity for a clean-up exercise. The by-product is a fresh look at your current supplier portfolio across the board; the programme can also kick start contract owners back into SRM activities, some of whom may not have interacted closely with a supplier in years. Of course procurement and supply chain teams are at the centre of this compliance issue, through the amount of one-to-one work required with suppliers and the management of risk, so it reveals to the rest of the organisation the importance of the effective contract management and supplier relationship management that procurement has put in place. It certainly elevates procurement’s position.”

GDPR compliance is a Board-level issue, with regular reporting required. Its high-profile nature, along with the associated risks of fairly severe financial penalties and reputational damage, means that in many cases chief risk officers and chief data officers are being appointed. So it’s a serious legal concern, and while other avenues, such as contract authoring software and compliance checking software, do have their place, Nick believes this calls for something more specific.

If you would like to know more about The Contracts Factory, Nick has compiled a short briefing paper which you can download here – free on short registration. Or you can visit the website here or contact Odesma at contact@odesma.co.uk